I've looked at version 17. Most of it is ok. Just a couple of notes, top posted:
1. Section 8.2: I'm still struggling with finding the point here. I'd like to be a bit more cohesive. State the issues/recommendations up front (i.e tell a story). It looks like you are claiming that the end customer 'has to' run a private PKI, the manufacturer 'could' run a private PKI for the whole thing, or the manufacturer 'could' use some subset of Web PKI Trust Anchors (which you call something else). I've tried to do the 'use the public WebPKI' part below. 2. Section 8.2, last three paras: These are actually just three sentences. Let's see if we can make a paragraph out of them. Put the last sentence first, and second sentence second, and first sentence last. Something like: "It is recommended for Manufacturers to work with their VARs to determine if there is a subset of publicly trusted (Web) PKI Trust Anchors that would satisfy all their VARs, and to ship only that subset. Manufacturers need to include enough trust anchors in their devices (the Pledges) so that all expected Cloud Registrar's can be validated. While there is no requirement that Cloud Registrar's certificates are part of the public (WebPKI) Trust Anchors, it is likely simpler and cheaper for most such systems to use these easily obtained certificates." Nits: 8.1, para 2: 'device.is sheltered'/'device is sheltered . 8.2, para 3: 'operate enough of a private PKI'/'operate a private PKI' On Fri, Aug 8, 2025 at 9:59 AM Deb Cooley <[email protected]> wrote: > I've looked at the rest of the proposed changes. They look pretty good to > me, but I'll give it one more look once the new draft is published. > > Again, just for completeness... you would have to define 'sheltered' where > I think 'protected' or 'isolated' might be more easily understood. > > Deb > > On Thu, Aug 7, 2025 at 12:24 PM Michael Richardson <[email protected]> > wrote: > >> >> Deb Cooley <[email protected]> wrote: >> > Thanks for that work. Just one quick suggestion now, I'll review >> the rest >> > after the telechat today. >> >> > sheltered could be 'protected' or 'isolated'? >> >> I'll go with "protected", but I wonder if we shouldn't find a place to >> define >> "sheltered" to mean that some generic protections are in place, but not >> specific negative ACLs. >> >> Thank you. >> >> -- >> Michael Richardson <[email protected]> . o O ( IPv6 IøT consulting >> ) >> Sandelman Software Works Inc, Ottawa and Worldwide >> >> >> >> >>
_______________________________________________ Anima mailing list -- [email protected] To unsubscribe send an email to [email protected]
